CVE-2021-21381 log

Source
Severity Medium
Remote No
Type Sandbox escape
Description
Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2.
Group Package Affected Fixed Severity Status Ticket
AVG-1678 flatpak 1.10.1-1 1.10.2-1 Medium Fixed
Date Advisory Group Package Severity Type
13 Mar 2021 ASA-202103-4 AVG-1678 flatpak Medium sandbox escape
References
https://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp
https://github.com/flatpak/flatpak/issues/4146
https://github.com/flatpak/flatpak/pull/4156
https://github.com/flatpak/flatpak/commit/8279c5818425b6812523e3805bbe242fb6a5d961